The Perils of Burma’s Internet Craze

A vicious hacker movement with military connections is targeting independent bloggers and media outlets.

In 2010, a Burmese SIM card cost $1,500 and less than one percent of the population had access to the Internet. Online censorship was rife and the military junta that then ruled the country aggressively monitored and silenced journalists. But over the past three years, the environment has transformed. A democratic reform agenda has ushered in the liberalization of telecoms markets, and with the arrival of 3G technology, Internet users are expected, by one estimate, to reach 38 million by the end of the year. Smartphone shops and cheap SIM card stalls now clutter the bustling streets of Rangoon. Parks and tea shops are filled with youths flicking through Facebook on their handsets.

This unprecedented boom in connectivity has allowed Burma’s people to access a torrent of information and openly trade ideas about the country’s political transition. Previously exiled media outlets have returned, and independent online publishers have multiplied.

But access to the modern world of information has come at a price.

Burma has witnessed the rapid ascent of a vicious vigilante hacker movement that targets independent media outlets and other websites, especially those that criticize the military or spotlight anti-Muslim hate crimes. More worrying still is that this movement has been able to operate with complete impunity despite the much-vaunted democratic transition. On April 1, the country’s first civilian government in over half a century, led by long-time human rights champion Aung San Suu Kyi, took power. But the military remains a powerful player, largely shielded from public scrutiny. The rise of a mysterious Internet mob that appears determined to silence its critics raises questions about the limits of free speech in the new Burma.

In July 2012, shortly after ethnic conflict gripped the west of the country, the website of my then-employer, Democratic Voice of Burma (DVB), a media group based in exile in Thailand, was taken down by vigilantes who called themselves the “Blink Hacker Group.” This appeared to be in response to DVB’s use of the word “Rohingya,” a highly contested term describing an oppressed Muslim minority that has been brutalized by the Burmese military for decades. Similar attacks subsequently targeted media outlets that reported freely on the escalating persecution of Burma’s minorities and reached a peak near the 2015 election. The authorities have never taken any action in response to these attacks. Media outlets have been forced to spend money and time on laborious security measures even as they confront constant reminders of lingering taboos.

Now, after a three-year investigation, Unleashed Research Labs, a Sweden-based cyber security firm that protects DVB and other pro-democracy media groups, has shed fresh light on the political motives behind these attacks. It presents damning evidence that the Burmese military played a leading role in the spike of cyber assaults on independent media outlets in the run-up to Burma’s historic November election — the one in which the opposition National League for Democracy (NLD) party won its impressive victory. A vigilante collective called the “Union of Hacktivists” claimed responsibility for those attacks as part of a campaign dubbed “#Op Fucking Media.” No government or military-linked media was targeted. The Swedish researchers also linked Blink Hacker Group to the political establishment.

Unleashed Research Labs’s report details how its researchers connected these attacks to a secretive network run by the Burmese military, tracing them to a server managed by the Defense Services Academy, a training school for military cadets. The attacks had been launched during normal working hours, suggesting a coordinated army-led initiative to smear critical media. Other institutions hosted on the same network included two military-run propaganda outlets and the Ministry of Defense.

Researchers also claim in the same report to have identified several individual hackers with ties to the army and the affiliated Union Solidarity and Development Party. Most are vocal supporters of the erstwhile military-backed government and of ultranationalist groups who lead hate campaigns against Burma’s Muslim minority. In a statement published online, Blink Hacker Group admitted that some of its supporters are “nationalists” and “government lobbyists” while accusing “jihadi Muslim[s]” of conspiring against them.

Islamophobia is prevalent throughout Burmese society, so this is no smoking gun. But the country’s nascent “hacktivist” movement is conspicuously aligned with military objectives. At best, the armed forces and its supporters tacitly encourage the young hackers by looking the other way. At worst, this means the military has infiltrated the hacker scene in order to advance its political agenda. This is conceivable, considering the army’s historic role in manipulating news and scrubbing critical content. Statements published by the Union of Hacktivists, which emulate the language and tone of the Burmese military, certainly lend credence to this theory. The group has accused the media of “destroying the [Buddhist] religion and nation” and “keep[ing] in touch with” armed ethnic groups. It has also warned that the country’s nascent democracy could become its own “dictatorship,” implying that the military would be better suited to running Burma.

This is not the first time the Burmese army, which crushed all dissent over half a century of dictatorial rule, has been accused of launching cyber-attacks on the media. The Defense Services Computer Directorate reportedly began shifting its focus from physical to “information” warfare in the mid-1990s, later taking aim at pro-democracy and opposition groups. Attacks on media outlets in exile were commonplace by the 2007 Saffron Revolution, when the army opened fire on protesting monks demanding an end to military rule. They usually peaked around key political events, such the anniversary of the 1988 pro-democracy uprising, or after bursts of critical reporting.

In 2013, Google reported “state-backed” attempts to hack the email accounts of Burmese journalists. Last year it emerged that the Ministry of Defense had negotiated with an Italian spyware firm about acquiring malware and surveillance technology. With the lifting of most economic sanctions on the former junta, the army may already have purchased such technology from other western companies.

So far, the government has denied any involvement in cyberwar activities. It has also threatened legal action against media groups who dare to claim otherwise. “If they sue institutions such as the Tatmadaw [armed forces] without verification, then it could be deemed defamation,” said Zaw Htay, the Director of President Thein Sein’s office.

His response is revealing. The government is more concerned with prosecuting journalists than investigating the cyber criminals who attack them. This is an apt reflection of the state of free speech in Burma. Despite the NLD’s resounding victory in November’s historic election, it is clear that the army and its coterie of allies remain firmly outside of the justice system. Hackers can operate with the comfortable knowledge that Burma’s current law on cybercrime, the Electronic Transactions Act, was designed with the sole intention of muzzling political activists.

Meanwhile the dangers associated with social media are growing. As Burma opens up and internet access soars, lawsuits that target people just for expressing themselves on the internet are multiplying. Two people who lightly mocked the military on Facebook last year were promptly jailed for defamation, a criminal offense under local law. Again last week, the army threatened to sue Facebook users who suggested that a man involved in bar brawl was a soldier. These risks are acutely felt by journalists, who are regularly threatened, harassed and imprisoned, leading to reluctance to publicly confront the military. As once-exile media organizations abandon the relative safety of Thailand and India and return to Burma, they become increasingly vulnerable to political interference and self-censorship. The military’s advancing technical skills present additional challenges for reporters navigating the country’s murky judicial maze.

Burma is currently in the process of drafting a new law on cybercrime, a task that will fall to the incoming government led by Suu Kyi’s NLD. It is imperative that this legislation not become another political tool for the state. As such, it will need to tackle critical gaps in Burma’s legal infrastructure, by outlining clear regulations on surveillance, lawful interception, and hacking crimes, while ensuring civil rights. Otherwise, Burma’s technology revolution could end up stifling free speech rather than promoting it.

In the photo, a Buddhist monk takes a photo as he and other monks from Burma and Thailand are offered morning alms during a service in Mandalay on September 20, 2015.